CVE-2011-4967
https://notcve.org/view.php?id=CVE-2011-4967
tog-Pegasus has a package hash collision DoS vulnerability tog-Pegasus presenta una vulnerabilidad de DoS de colisión de paquete hash. • http://bugzilla.openpegasus.org/show_bug.cgi?id=9182 http://www.openwall.com/lists/oss-security/2012/12/14/2 https://access.redhat.com/security/cve/cve-2011-4967 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4967 https://www.securityfocus.com/bid/56941 • CWE-20: Improper Input Validation •
CVE-2008-4315 – tog-pegasus: failed authentication attempts not logged via PAM
https://notcve.org/view.php?id=CVE-2008-4315
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. tog-pegasus en OpenGroup Pegasus 2.7.0 en Red Hat Enterprise Linux (RHEL) 5, Fedora 9, y Fedora 10 no registra los intentos de autenticacion fallidos a el servidor OpenPegasus CIM, lo cual facilita a atacantes remotos evitar la detección de ataques de intento de adivinar passwords. • http://osvdb.org/50278 http://secunia.com/advisories/32862 http://www.redhat.com/support/errata/RHSA-2008-1001.html http://www.securitytracker.com/id?1021281 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 https://bugzilla.redhat.com/show_bug.cgi?id=472017 https://exchange.xforce.ibmcloud.com/vulnerabilities/46830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A •
CVE-2008-4313 – tog-pegasus: WBEM services access not restricted to dedicated user after 2.7.0 rebase
https://notcve.org/view.php?id=CVE-2008-4313
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. Un parche de Red Hat para tog-pegasus en OpenGroup Pegasus 2.7.0 no configura adecuadamente el nombre PAM tty, lo que permite a usuarios autenticados remotamente evitar las restricciones de acceso previstas y enviar peticiones a servicios OpenPegasus WBEM. • http://osvdb.org/50277 http://secunia.com/advisories/32862 http://www.redhat.com/support/errata/RHSA-2008-1001.html http://www.securityfocus.com/bid/32460 http://www.securitytracker.com/id?1021283 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9 https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10 https://bugzilla.redhat.com/show_bug.cgi?id=459217 https://exchange.xforce.ibmcloud.com/vulnerabilities/46829 https://oval.cisecurity.org/repository/sea • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-0003 – tog-pegasus pam authentication buffer overflow
https://notcve.org/view.php?id=CVE-2008-0003
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. Un desbordamiento del búfer en la región stack de la memoria en la función PAMBasicAuthenticator::PAMCallback en el servidor de administración de OpenPegasus CIM (tog-pegasus), cuando es compilado para usar PAM y sin PEGASUS_USE_PAM_STANDALONE_PROC definida, podría permitir a atacantes remotos ejecutar código arbitrario por medio de vectores desconocidos, una vulnerabilidad diferente de CVE -2007-5360. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 http://lists.vmware.com/pipermail/security-announce/2008/000014.html http://osvdb.org/40082 http://secunia.com/advisories/28338 http://secunia.com/advisories/28462 http://secunia.com/advisories/29056 http://secunia.com/advisories/29785 http://secunia.com/advisories/29986 http://securitytracker.com/id?1019159 http://www.attrition.org/pipermail/vim/2008-January/001879.html http://www.redhat.com/support/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2007-5360
https://notcve.org/view.php?id=CVE-2007-5360
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than CVE-2008-0003. El desbordamiento de búfer en OpenPegasus Management Server, cuando es compilado para usar PAM y con PEGASUS_USE_PAM_STANDALONE_PROC definido, tal como se usa en VMWare ESX Server versión 3.0.1 y versión 3.0.2, podría permitir que los atacantes remotos ejecuten código arbitrario por medio de vectores relacionados con la autenticación PAM, una vulnerabilidad diferente de CVE-2008-0003. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409 http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://secunia.com/advisories/28358 http://secunia.com/advisories/28368 http://secunia.com/advisories/28636 http://secunia.com/advisories/29986 http://securityreason.com/securityalert/3538 http://www.attrition.org/pipermail/vim/2008-January/001879.html http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •